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ABSTRACT 


This paper deals with the android application security detection method, based on the permissions .Mobile applications 
create their own security and privacy models through permission-based models. Some applications may request extra 
permissions that they do not need but may use for suspicious activities. The aim of this study is to identify those spare 
permissions requested and use this information in the security and privacy approach. To combat serious malware 
campaigns, we need a scalable malware detection approach that can effectively and efficiently identify malware apps. The 
proposed method based on metropolis algorithm with twalk is to provide the detection method for the android security of 
the applications based on the permissions that the applications request from the users during installations. This method 
helps to speedup detection and also increasing the sampling rate. Accuracy, precisions and recall values are calculated 
using true and false positive and negativerates depending on which this model is selected to detect the security of the 


android application. 
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INTRODUCTION 


The widespread use of mobile devices has led to an increase in the ability of users to store critical information such as 
personal/confidential data and bank account numbers on their mobile devices. Mobile applications create their own 
security and privacy models through permission-based models. Some applications may request extra permissions that they 
do not need but may use for suspicious activities. Ill-intentioned people who are aware of this aim to acquire 
money/reputation illegally make use of this information. In order to prevent unwanted consequences caused by such 
actions, mobile device manufacturers, mobile application developers, mobile application market owners and governments 
are engaged in coming up with new precautions such as dangerous permission detection methods. Android OS is 


susceptible to various security attacks due to its weakness in security. 


Why Android Application Security is Important 

With the number of android device users increasing year after year, the need for mobile security is also gaining ground. 
Android phones have now become vulnerable because of the rapid progress in the mobile phone industry and the 
introduction of cloud services and apps. In other words, android security has yet to reach millions of users, unlike the 


progress seen in the overall usage of smart phones. 
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The Two main reasons why android security are important due, 
e Android security protects you against malvertisers 
e =Android security protects your private data 


To provide the security, android security detections methods play a important role in safeguarding the android 


applications. 
PRILIMINARIE 


In this section, readers are provided with the preliminary details which are necessary to understand the purpose, techniques 
and key concerns of the various research works. The background of Android permission and Metropolis Algorithm with 


twalk is introduced. 
Permissions 


Permissions are an important security mechanism for Android systems. Android permissions are primarily used to limit the 
use of restricted functionality within an application, as well as component access between applications. Android 
permissions are divided into normal permissions and dangerous permissions. Normal permissions cover applications that 
need access to their sandbox, external data or resources. However, there is little risk to user privacy or other application 
operations. These permissions are granted when the app is installed. The user is no longer asked at runtime. For example: 
network access, Wi-Fi status, volume settings, etc. Dangerous permissions include areas where the application requires 
data or resources that involve user privacy information, or that may affect the operation of data stored by users or other 
applications. For example: Read address book, read and write memory data, get user location, etc. If the application claims 
that these dangerous permissions are required, the user must be explicitly told atrun time to have the user manually grant 


them. As shown in Table. 








Group number Dangerous Permissions 
WRITE_CONTACTS 
CONTACTS 3 GET_ACCOUNTS 


READ_CONTACTS 
READ_CALL_LOG 
READ_PHONE_STATE 
CALL_PHONE 

PHONE a WRITE_CALL_LOG 

USE_SIP 
PROCESS_OUTGOING_CALLS 
ADD_VOICEMAIL 
READ_CALENDAR 









































CALENDAR 2 | wRITE_CALENDAR 
CAMERA 1 | CAMERA 
SENSORS 1 | BODY_SENSORS 
saan ACCESS_FINE_LOCATION 
LOCATION 2 | ACCESS_COARSE_LOCATION 
READ_EXTERNAL_ STORAGE 
STORAGE 2 | wRITE_EXTERNAL_ STORAGE 
MICROPHONE 1 | RECORD_AUDIO 
READ_SMS 
RECEIVE WAP_PUSH 
SMS 5 | RECEIVE_SMS 
RECEIVE_MMS 
SEND_SMS 
Figure 1 
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Although Google offers dangerous permissions, J. Li et al. [12] study indicates that even normal permissions can 
be exploited by mal Apps and a few dangerous permissions do not appear in the top-40risky list. W. Wang et al. [1] 
compared their list of 22significant permissions to the list of 24dangerouspermissionsidentified by Google; they noticed 


that there are only 8 permissions that appear on both lists. At the same time, the detection technology is extremely difficult. 


Statisticized by Statista: As of January 2018, 4.4% of users still use the Android operating system version lower 
than Android 6.x. This method analyzes the confidence intervals of 24 Android dangerous permissions. Extract dangerous 


permissions that significantly affect the security of the application. 
MCMC 


The MCMC method is a Monte Carlo simulation using a Markov chain. The basic principle of the MCMC method is to 
construct a probability transfer matrix using carefully balanced conditions. Make the target probability the smooth 
distribution of the probability transfer matrix. There are two methods for constructing the probability transfer matrix: 
Metropolis-Hasting and Gibbs sampling. In statistics, the Metropolis—Hastings algorithm with twalk is a MCMC method 
for obtaining a sequence of random samples from aprobability distribution without tuning for which direct sampling is 
difficult. This method calculates the certainty of Android dangerous permissions through the Metropolis sampling 


algorithm.[1] 
Tuning 


"Tuning" broadly describes what happens before sampling. In Bayesian inference, our goal is to calculate expectations 
over probability distributions. MCMC achieves that by producing samples that are asymptotically guaranteed to come 


from the distribution of interest: the "stationary distribution". 


PROPOSEDSECURITYDETECTION METHODS USING METROPOLIS ALGORITHM WITH 
TWALK 


Metropolis Detection Method with Twalk 
Metropolist walk is a new general purpose MCMC sampler for arbitrary continuous distributions that requires no tuning. 


The t-walk maintains two independent points in the sample space, and all moves are based on proposals that are 
then accepted with a standard Metropolis-Hastings acceptance probability on the product space. Hence the t-walk is 
provably convergent under the usual mild requirements. We restrict proposal distributions, or ‘moves’, to those that 
produce an algorithm that is invariant to scale, and approximately invariant to affine transformations of the state space. 
Hence scaling of proposals, and effectively also coordinate transformations, that might be used to increase efficiency of the 
sampler, are not needed since the t-walk’s operation is identical on any scaled version of the target distribution. Four 


moves are given that result in an effective sampling algorithm. 


The t-walk is excellent for initial exploration as it overcomes the need to tune proposals for scale and correlation, 
which is typically the first difficulty encountered when applying MCMC methods. For a large number of problems the t- 
walk will allow sufficiently efficient sampling of the target distribution that no recourse to further algorithm developments 
required. Also, the t-walk will prove use fulin multiple data analyses where details of the posterior distribution depend 
sufficiently on a particular dataset that adjustment would be required to the proposal in a standard Metropolis-Hastings 


algorithm, allowing for automatic use of MCMC sampling. 
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Android applications security detection method based on Metropolis algorithm is designed. This method analyzes 
Android's 24 dangerous permissions using the Metropolis algorithm, removes uncertainty permissions, and extracts certain 


permission features. Then, the features are learned and classified through the classification technology of machine learning. 
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Figure 2: System Model of Detection Method using Metropolis Algorithm with Twalk. 


Here we leverage Metropolis algorithm with twalk to get app certain permission. The system model consists of 
four steps: data set collection, decompiling apk and extract apk’s certain permissions, using machine learning to train and 
test, and result analysis. Figure 2 shows the system model of android security detection method using metropolis twalk 


algorithm. 

Step 1: Collect Apk Samples 

Used a python program to crawl benign Apps from the site. Malicious Apps were downloaded in the drebin dataset. 
Step 2: Apkdecompile and Feature Extraction 


Decompile the apk file with Apk Tool. Extracted the AndroidManifest.xml file containing the permission declaration. 
Extract the dangerous privilege of 24 Google claims from Android in the AndroidManifest.xml file. Then, using the 


Metropolis algorithm to extract the certain permissions form alicious app detection. 
Step3: Machine Learning-Based Classification 


Machine learning is performed by deterministic permissions on the app classification. The data was trained and tested by 
SVM machine learning classification algorithms. The results indicate that when Support Vector Machine (SVM) is used as 


the classifier, over 90% of precision, recall, accuracy, and F-measure can be achieved. [2] 
Step 4: Experimental Results Evaluation and Analysis 


Through machine learning and classification, apps are divided into benign apps and malicious apps. Then, using the 


Precision, Recall, F-Measure, Accuracy indicators to evaluate the experimental results of machine learning. 
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RESULTS 
For all the above methods mentioned results are evaluated using following assessment methods 
Accuracy 


Accuracy = (TP+TN)/(TP+FN+FP+TN).That is, the number of samples correctly classified by the detection model divided 


by all the number of samples. 
Precision 


Precision=TP/(TP+FP). That is, the proportion of the samples which are classified as malware by the detection model is 


actually a benign category. 
Recall 


Recall=TP/(TP+FN). That is, the proportion of the malware samples which are classified as malware by the detection 


models 
CONCLUSIONS 


Security checking for Android applications plays a key role in user-safe use of applications. This approach uses the 
Metropolis algorithm with Twalk to analyze the certainty of24 dangerous permission detections for Android Apps. Here 
key permissions for malicious application detection are also extracted. For Classifications vmis used to achieve more 


than90% of precision, recall, accuracy and F measure. 
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